[OpenID] Should Openid's resolve to their descriptors in v.next?

John Bradley ve7jtb at ve7jtb.com
Thu Nov 19 16:50:45 UTC 2009


There are privacy reasons for keeping identifier select.

In the Gov case the RP doesn't want a correlatable identifier and in some cases may be legally prohibited from taking one.

What identifier is used to discover the identifier select service is another question.  It doesn't need to be a URL in the future.

John B.

On 2009-11-19, at 1:26 PM, Dirk Balfanz wrote:

> Not sure how you define "resolves to", but given an OpenID, you need
> to find the OP endpoint for that OpenID. The OP endpoint is just
> another URL that is in a certain relation with the OpenID URI (the
> "is-op-endpoint-for" relation). This can be expressed with a link
> header on the OpenID (if it's a URL), through an entry in the OpenID's
> resource descriptor, or perhaps some other way (e.g., link element in
> the HTML you get when accessing the OpenID).
> 
> I guess I'm not sure what you're asking, but does this explain the
> role of the resource descriptor in OpenID?
> 
> As for directed identity, again you're trying to find the OP endpoint,
> but this time you're not starting with an OpenID, but rather with a
> name for the somewhat more amorphous concept of an "OP" (OpenID 2 uses
> URLs for this name, but I don't think that's a good idea). Again, one
> way to find the OP endpoint is to look it up in the resource
> descriptor of the OP. (The best candidate I've seen so far for that
> resource descriptor is host-meta.)
> 
> Dirk.
> 
> On Thursday, November 19, 2009, Santosh Rajan <santrajan at gmail.com> wrote:
>> This is something that has me stumped. I am sure this subject has been discussed in various forms before. But I think we need to clarify this, now that we are talking about openid v.next.
>> Let us start with the semantic web folks. According to them the answer is no (if I have understood them correctly)! e.g. if John's OpenID was http://example.com/john, then according to the semantic web folks
>> 
>> 1) http://example.com/john#me is John's OpenID
>> 2) http://example.com/john#home is John's homepage
>> 3) http://example.com/john#RDF is John's resource descriptor. (I am using RDF, or Atom if you may, instead of XRD because I am pissed off by XRD.)
>> 
>> Also they have another solution called content negotiation (but it does not matter as far as this discussion is concerned).
>> Next is OpenID 1.0, according to which John's OpenID resolves to his HTML homepage, which will contain his resource descriptor information.
>> 
>> 
>> Then we have directed identity, which resolves to nothing really, other than some "BIG EGOS". This should be dumped, and we should assuage the big egos with an acct: URI, which is actually fair.
>> 
>> 
>> Then we come to the final problem of OpenIDs and acct: URIs. Both should resolve to something, and the same thing: the resource descriptor.
>> Now I firmly believe that identifiers should resolve to their descriptors. It is only fair that identifiers resolve to something meaningful. This is where I disagree with the semantic web folks.
>> 
>> 
>> Then we come to the final question. Do we dump the idea of OpenIDs resolving to the document page? And make it mandatory for OpenIDs to resolve to the descriptors? Or do we need a descriptor format that is compatible and can be merged into the HTML? Or do we solve the problem with content negotiation?
>> 
>> 
>> --
>> http://hi.im/santosh
>> 
>> 
>> 
>> 
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
